CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank
Summary
TensorFlow (an open source machine learning platform) has a bug where certain inputs with incorrect dimensions crash the SdcaOptimizer component due to a failed validation check. This happens when `dense_features` or `example_state_data` inputs don't have the expected 2D structure (rank 2, meaning a table with rows and columns).
Solution / Mitigation
The fix is included in TensorFlow 2.11. For users on earlier versions, the patch will also be available in TensorFlow 2.10.1, 2.9.3, and 2.8.4. The specific fix is referenced in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa.
Vulnerability Details
4.8(medium)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2024-5452: A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to im
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41899
First tracked: February 15, 2026 at 08:41 PM
Classified by LLM (prompt v3) · confidence: 95%